Commit Graph

22671 Commits (851fca2107fbb4cd9f6b725ee6779577e628bf41)

Author SHA1 Message Date
jvazquez-r7 c2dce19768 Don't use a temporary registerfor the dup2 loop counter 2014-01-07 17:39:27 -06:00
James Lee 22bdca92f4
Remove the ipv6 attr on Range
Makes more sense in the option hash.
2014-01-07 16:52:34 -06:00
James Lee 9c23910b69
Refactor Socket::Range
There was really no reason for it to inherit from Array. Also adds a few
more specs and gets coverage up to a more respectable percentage.
2014-01-07 16:31:55 -06:00
jvazquez-r7 a85492a2d7 Fix my own busted dup2 sequence 2014-01-07 16:27:01 -06:00
Joe Vennix 7af8fe9cd1 Catch exceptions in an XSS script and return the error. 2014-01-07 16:23:24 -06:00
Joe Vennix fb1a038024 Update async API to actually be async in all cases.
This avoids zalgo. Also optionally checks the return value
of the compiled Function in XSS to allow you to use send()
or an explicit return, which is maybe more natural for
synchronous xss payloads.
2014-01-07 16:17:34 -06:00
jvazquez-r7 3230b193e1 Make better comment 2014-01-07 15:32:46 -06:00
jvazquez-r7 80dcda6f76 Fix bind call 2014-01-07 15:31:42 -06:00
Niel Nielsen 266b040457 Update cachedump.rb
Change to OpenSSL::Digest from deprecated OpenSSL::Digest::Digest
2014-01-07 22:14:10 +01:00
Niel Nielsen d567737657 Update reverse_tcp_rc4_dns.rb
Change to OpenSSL::Digest from deprecated OpenSSL::Digest::Digest
2014-01-07 22:12:38 +01:00
Niel Nielsen 385ae7ec38 Update reverse_tcp_rc4.rb
Change to OpenSSL::Digest from deprecated OpenSSL::Digest::Digest
2014-01-07 22:11:16 +01:00
Niel Nielsen 693d95526b Update bind_tcp_rc4.rb
Change to OpenSSL::Digest from deprecated OpenSSL::Digest::Digest
2014-01-07 22:09:53 +01:00
Niel Nielsen 1479ef3903 Update typo3_winstaller_default_enc_keys.rb
Change to OpenSSL::Digest from deprecated OpenSSL::Digest::Digest
2014-01-07 22:08:10 +01:00
Niel Nielsen 73e359ede1 Update reverse_tcp.rb
Change to OpenSSL::Digest from deprecated OpenSSL::Digest::Digest
2014-01-07 22:06:11 +01:00
Niel Nielsen e3a3b560e2 Update bind_tcp.rb
Change to OpenSSL::Digest from deprecated OpenSSL::Digest::Digest
2014-01-07 22:02:52 +01:00
jvazquez-r7 b5524654d5 Delete comment 2014-01-07 14:50:26 -06:00
jvazquez-r7 45c86d149f Modify authors field 2014-01-07 14:50:12 -06:00
jvazquez-r7 d6639294aa Save some instructions with dup2 2014-01-07 14:41:33 -06:00
Niel Nielsen e79ccb08cb Update rails_secret_deserialization.rb
When using aws-sdk with Ruby 2.1.0-rc1, many "Digest::Digest is deprecated; use Digest" warnings are printed.
Even in Ruby 1.8.7-p374, OpenSSL::Digest::Digest is only provided for backward compatibility.
2014-01-07 21:41:15 +01:00
jvazquez-r7 9cf221cdd6 Delete delay slots after syscall 2014-01-07 13:18:20 -06:00
jvazquez-r7 21b146fab3
Land #2834, @joev-r7's linksys_wrt110_cmd_exec update 2014-01-07 13:01:35 -06:00
jvazquez-r7 590547ebc7 Modify title to avoid versions 2014-01-07 13:01:10 -06:00
James Lee 2ed9772080
Fix unhandled exceptions when resolution fails 2014-01-07 12:00:04 -06:00
Joe Vennix c34af35230 Add wrt100 to the description and title.
* The wrt110 and wrt100 share the same firmware, and are both vulnerable to this
bug.
2014-01-07 10:26:15 -06:00
Joe Vennix 1057cbafee Remove deprecated linksys module. 2014-01-07 10:22:35 -06:00
jvazquez-r7 70d4082c0c Add formatting blank lines and delete comment 2014-01-07 09:55:36 -06:00
jvazquez-r7 3edd2a50e2 Shorter mipsle shell_reverse_tcp 2014-01-07 09:45:28 -06:00
James Lee a6b25d3323
Add failing spec for invalid hostname bug 2014-01-06 17:49:27 -06:00
William Vu db8eeac82c
Land #2830, vtiger_soap_upload title fix 2014-01-06 14:03:21 -06:00
Tod Beardsley c0a82ec091
Avoid specific versions in module names
They tend to be a lie and give people the idea that only that version is
vulnerable.
2014-01-06 13:47:24 -06:00
sinn3r 185e15c50c
Land #2829 - Fix Travis's build failure 2014-01-06 13:21:19 -06:00
Tod Beardsley 5c77f4dc0f
Don't try to bundle exec before bundle install 2014-01-06 12:47:36 -06:00
Tod Beardsley e168b92b0c
Add bundle exec rake to avoid system rake 2014-01-06 12:29:50 -06:00
Tod Beardsley 5ae4215229
Hey Travis what's up with your rake version? 2014-01-06 12:11:07 -06:00
William Vu 0a60e77265
Land #2826, reverse_http{,s} address:port fix 2014-01-06 11:52:51 -06:00
Joe Vennix 49d1285d1b Add explicit json require. 2014-01-06 11:15:10 -06:00
sinn3r 1cdfbfeed5
Land #2820 - vTigerCRM SOAP AddEmailAttachment Arbitrary File Upload 2014-01-06 10:36:02 -06:00
Joe Vennix 96e97d4768 Oops, the default bufsize is 0 anyways. 2014-01-05 18:57:56 -06:00
Joe Vennix b64df51fa0 Fixes #8732 by reading until EOF reached.
* use a lambda for cleaner iterator.
* also disables buffering, since we are reading byte-by-byte in the first place
and maintaining our own buffer (#data).
2014-01-05 18:36:22 -06:00
Joe Vennix 9d3b86ecf4 Add explicit require for JSON, so msfpayload runs. 2014-01-05 14:58:18 -06:00
Joe Vennix 3b29c370bd Fix bug in the firefox/exec payload. 2014-01-05 11:24:41 -06:00
OJ e3b90f3c4e Fix issue with incorrect parameter parsing
Code was looking for -s instead of -a when dealing with domain
queries. This commit fixes that.
2014-01-05 20:06:47 +10:00
Joe Vennix d00acccd4f Remove Java target, since it no longer works. 2014-01-04 21:22:47 -06:00
OJ 8898486820 Change display message to show actual bind address
When running a http/https listener the address:port that was being
shown in the output was that which was passed to the victim as part
of the stager and not the actual listener address:port.

This commit fixes this so that the display is correct.
2014-01-05 11:28:51 +10:00
Joe Vennix 723c0480ab Fix description to be accurate. 2014-01-04 19:06:01 -06:00
OJ 6bfe6d6c5c
Landing #2825 [FixRM #8726] 2014-01-05 11:05:50 +10:00
Joe Vennix f2f68a61aa Use shell primitives instead of resorting to
echo hacks.
2014-01-04 19:00:36 -06:00
Raphael Mudge 6034c26fa7 Honor LPORT as callback port for HTTP/S handler
This commit completes our quest to (optionally) decouple the stage's
callback parameters from the interface/port our handler binds to.

LPORT is now patched into the stage over ReverseListenerBindPort.
2014-01-04 18:52:19 -05:00
Raphael Mudge 3c9d684759 Cleanup - Remove bind_address from reverse_http.rb
This commit removes the now unused bind_address function from
reverse_http.rb. This function returns an array of hosts the handler
should attempt to bind to (e.g., [LHOST value, any])

Other handlers (e.g., reverse_tcp.rb) loop through these values until
they're able to start a server with that bind address.

The HTTP server doesn't work this way. It's setup to try one address
and that's it. It makes sense to have the HTTP server always bind to
0.0.0.0 by default as future modules run by the user may register
resources with the same HTTP server.
2014-01-04 16:02:32 -05:00
Raphael Mudge 6f55579acd HTTP Handler Bind to 0.0.0.0 or ReverseListenerBindAddress
This commit returns the HTTP/S handler to its former semantic glory.
By default the HTTP/S handler will bind to :: or 0.0.0.0. If the
user specifies a ReverseListenerBindAddress then, instead, the
server will bind to that address.

The previous commit to change the URL to always reference LHOST
should go with this too. LHOST is always my intent of where the
stage should call home too. ReverseListenerBindAddress would make
sense as my intent as to where I want to bind to. The two options
shouldn't take on each other's meanings.
2014-01-04 15:50:06 -05:00